Many users may exchange messages through messaging services, such as email, social network messaging, text messaging, etc. A message account of a user with a messaging service may provide a messaging interface with various message folders, such as an inbox, a deleted folder, a spam folder, a sent folder, etc. In this way, the user may receive, read, and send messages through the messaging interface, and such messages may be stored within the appropriate message folders. In an example, the user may send work messages to co-workers, personal messages to friends, etc. through the messaging interface. In another example, the user may receive work messages, personal messages, newsletters, advertising messages, etc. through the messaging interface.
Unfortunately, the user may receive unsolicited messages with undesirable content, such as offensive or unwanted content, referred to as spam. Many spam filters may attempt to recognize normal ongoing spam campaigns from spammers who have been around awhile, that use the same known malicious content, that use the same internet protocol (IP) addresses that have been blacklisted, etc. However, some spammers may hijack new IP address ranges, use bot nets, buy new domains through which to send spam, use randomized malicious content, use variations in subjects, etc. in order to launch unusual and/or sudden spam attacks that will not be recognized by spam filters until after harm has been done because by the time enough spam votes are received for a spam classifier to learn a bad reputation, the spam attack may have already affected numerous users. Because such attacks use randomized or differing subjects, content, sender credentials, etc. no single feature will reveal the complete spam campaign. Thus, security of users may become compromised such as where users read and/or take action (e.g., click on a link to malicious content) with regard to the spam. Also, users may become frustrated when their inbox is inundated with such spam.